Transcript PANA Authentication Agent AAA

Protocol carrying Authentication
for Network Access (PANA)
Subir Das/Basavaraj Patil
Telcordia Technologies Inc./Nokia
12/14/2001
Motivations
• Currently, the authentication process depends upon the type
of network that a user is attaching to and it is very much tied
to an access technology
• Since existing solutions are specific to access technologies, we
need either a new mechanism or an extension to existing
mechanism to authenticate users each time a new access
technology is being standardized
• A common protocol for performing user authentication at the
network layer (IP) or above could avoid the proliferation of
such access specific solutions
PANA Framework: Scenario1
PANA
AAA
DSLAM
PAA
Hub
Internet
WLAN BS
Radio tower
PAA – PANA Authentication Agent
AAA – Authentication, Authorization and Accounting
PANA Framework: Scenario 2
PANA
AAA
DSLAM
Local
Subnet
PAA
Hub
Apps Server
Internet
WLAN BS
Radio tower
PAA – PANA Authentication Agent
AAA – Authentication, Authorization and Accounting
Objective/Goals
• The working group's primary task is to define a protocol
between a user's device and a node in the network that
allows:
-- A device (on behalf of a user) to authenticate to an agent in the
local network. The agent is called PANA Authentication Agent
(PAA) in this charter
-- The device to discover the IP address of the PAA
-- The PAA to use either local mechanisms/knowledge, or the AAA
infrastructure i.e., being a client of the AAA, to authenticate the
device
• The WG’s secondary task is
to create a Local Security
Association (LSA) between the device and PAA after
successful initial authentication
Mailing list Information
• To subscribe:
[email protected]
In Body : (un) subscribe
• General Discussion
[email protected]
• Archive
ftp://ftp.research.telcordia.com/pub/Group.archive/pana/archive